Impact of disabling Secure Renegotiation

Question

Currently my customer would like to disable Secure Renegotiation in client SSL profile since they found the report from sslab indicated there was a risk of DoS attack in secure renegotiation. May I know if anyone of you had disable this and got any problem in the web application?

hannes_rapp · Answer

Sure you can disable the SSL secure renegotiation, but there are some downsides in doing that.&nbsp;
Article explaining the difference: (if you have some time to read)&nbsp;
https://devcentral.f5.com/articles/ssl-profiles-part-6-ssl-renegotiation&nbsp;
Alternative solution with an iRule:&nbsp;
https://devcentral.f5.com/articles/ssl-renegotiation-dos-attack-ndash-an-irule-countermeasure&nbsp;
What ever solution you prefer, always best to test in a staging environment before implementing in production. If there's no staging environment available, try implementing the changes outside peak hours.&nbsp;

chinay2k_15322 · Answer

Thanks for the answer!&nbsp;

Forum Discussion

Impact of disabling Secure Renegotiation

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Raise your hand if you'll be at AppWorld 2026

Using Terraform to update / modify an existing iRule

getting compiling error when enabling Nginx App_potect

Behavior of masterkey on rSeries

run failover xxxxxx

Related Content

SSL Legacy Renegotiation vs Secure Renegotiation Explained using Wireshark

Overview of MITRE ATT&CK Tactic: TA0040 - Impact

SSL 3.0.7 - Unsafe legacy renegotiation disabled on client side

SSL Profiles Part 6: SSL Renegotiation

Impact of disabling TCP Timestamp in TCP and fasl4 profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS